WPA-Enterprise security
If you will use FortiOS user groups for authentication, go to User & Device > User > User Groups and create those groups first. The groups should be Firewall groups.
If you will use a RADIUS server to authenticate wireless clients, you must first configure the FortiGate unit to access the RADIUS server.
To configure FortiGate unit access to the RADIUS server - web-based manager
1. Go to User & Device > Authentication > RADIUS Servers and select Create New.
2. Enter a Name for the server.
3. In Primary Server Name/IP, enter the network name or IP address for the server.
4. In Primary Server Secret, enter the shared secret used to access the server.
5. Optionally, enter the information for a secondary or backup RADIUS server.
6. Select OK.
To configure the FortiGate unit to access the RADIUS server - CLI
config user radius
edit exampleRADIUS
set auth-type auto
set server 10.11.102.100
set secret aoewmntiasf
end
To configure WPA-Enterprise security - web-based manager
1. Go to WiFi Controller > WiFi Network > SSID and edit your SSID entry.
2. In Security Mode, select WPA2 Enterprise.
3. In Authentication, do one of the following:
• If you will use a RADIUS server for authentication, select RADIUS Server and then select the RADIUS server.
• If you will use a local user group for authentication, select Local and then select the user group(s) permitted to use the wireless network.
4. Select OK.
To configure WPA-Enterprise security - CLI
config wireless-controller vap
edit example_wlan
set security wpa2-enterprise
set auth radius
set radius-server exampleRADIUS
end